What is SUPI (subscription permanent identifier)

Demystifying SUPI (Subscription Permanent Identifier) in 5G Networks

SUPI (Subscription Permanent Identifier) is a crucial element in 5G networks, acting as a unique and permanent identifier assigned to a subscriber by their home network provider. It plays a vital role in subscriber authentication and authorization within the 5G core network.

Here's a deeper dive into the technical aspects of SUPI:

Core Function:

• SUPI serves as a unique reference for a subscriber within the 5G network. It allows the network to identify the subscriber and access their subscription information, such as service plans and billing details.
• Unlike temporary identifiers used for network communication, SUPI remains constant throughout a subscriber's association with the network provider.

Structure of SUPI:

• The format of SUPI is typically a string of 15 decimal digits.
• These digits are further broken down into:
  • Mobile Country Code (MCC): The first three digits identify the subscriber's home country (e.g., 310 for the United States).
  • Mobile Network Code (MNC): The next two or three digits identify the specific mobile network operator within the country (e.g., 004 for AT&T in the US).
  • Mobile Subscriber Identification Number (MSIN): The remaining digits uniquely identify the individual subscriber within the network operator's subscriber base.

Privacy Concerns and SUPI Concealment:

• Exposing a subscriber's SUPI in plain text during network communication raises privacy concerns. It could potentially be intercepted and misused for tracking or identity theft.
• To address this, 5G networks employ a mechanism called SUPI Concealment. It involves encrypting the SUPI before transmitting it within the network.

Process Flow with SUPI Concealment:

1. UE (User Equipment) Initiation: The user equipment (e.g., phone) initiates communication with the network.
2. SUPI Encryption: The UE encrypts the subscriber's SUPI using the public key of the Home Network Public Land Mobile Network (HPLMN).
3. Concealed Identifier (SUCI): The resulting encrypted value is called the Subscription Concealed Identifier (SUCI).
4. Network Processing: The SUCI is transmitted to the network instead of the plain-text SUPI. The network decrypts the SUCI using the corresponding private key to reveal the SUPI for internal processing.

Benefits of SUPI:

• Subscriber Identification: SUPI provides a reliable and permanent identifier for subscriber management within the 5G network.
• Network Functionality: It enables essential network functions like service provisioning, authentication, and authorization.
• Security Foundation: SUPI, along with SUPI Concealment, forms the basis for secure subscriber identification and communication in 5G networks.

Limitations:

• Complexity: The additional encryption and decryption processes associated with SUPI Concealment add some complexity to network operations.
• Network Infrastructure: Implementing SUPI and SUPI Concealment requires network infrastructure upgrades to handle encryption and decryption tasks.

Conclusion:

SUPI plays a critical role in subscriber identification and network management within 5G. By leveraging SUPI Concealment, 5G networks prioritize subscriber privacy while maintaining functionality. As 5G technology evolves, SUPI is expected to remain a cornerstone for secure and efficient subscriber management.